SecurityCenter Continuous View: Network Security Monitoring with Real-Time Visibility to Vulnerabilities and Threats
The security staff of a large company discovers compromised human resources data on their network. This company had run routine vulnerability scans and performed periodic penetration tests. However, with the discovery of this compromise, it has become apparent that existing efforts are not enough.
Static scanning and quarterly testing may be considered best practices, but they are not enough given the increasing frequency of advanced attacks today. Some of the major challenges in the use of static scanning tools are:
- Intrusive Technologies: Scanning tools can be intrusive in that they may require deploying agents on assets, or they may consume network bandwidth for scanning, which will impact business operations.
- Unmanaged Assets: It is hard to discover and audit transient assets (e.g., mobile phones and virtual environments) and legacy Industrial Control Systems, which may have vulnerabilities that can easily be exploited.
- Unknown Applications/Services: Many assets may not be hardened/patched to eliminate known vulnerabilities, such as Heartbleed. These assets could be used as launch pads for malware to penetrate the enterprise.
- Lack of Network Visibility: Suspicious network traffic to botnets and Command and Control (CnC) servers can go undetected if network monitoring tools have no application-level (Layer 7) visibility.
Detecting advanced attacks in real time requires continuous network monitoring that is not subject to the blind spots inherent in static security scanning tools. SecurityCenter Continuous View gives real visibility to protect against network vulnerabilities and threats in real time, providing actionable results.